Group Anomaly Detection: Past Notions, Present Insights, and Future Prospects

Graph-based Anomaly Detection and Description: A Survey

Detecting anomalies in data is a vital task, with numerous high-impact applications in areas such as security, finance, health care, and law enforcement. While numerous techniques have been developed in past years for spotting outliers and anomalies in unstructured collections of multi-dimensional points, with graph data becoming ubiquitous, techniques for structured graph data have been of focus recently. As objects in graphs have long-range correlations, a suite of novel technology has been developed for anomaly detection in graph data. This survey aims to provide a general, comprehensive, and structured overview of the state-of-the-art methods for anomaly detection in data represented as graphs. As a key contribution, we give a general framework for the algorithms categorized under various settings: unsupervised vs. (semi-)supervised approaches, for static vs. dynamic graphs, for attributed vs. plain graphs. We highlight the effectiveness, scalability, generality, and robustness aspects of the methods. What is more, we stress the importance of anomaly attribution and highlight the major techniques that facilitate digging out the root cause, or the 'why', of the detected anomalies for further analysis and sense-making. Finally, we present several real-world applications of graph-based anomaly detection in diverse domains, including financial, auction, computer traffic, and social networks. We conclude our survey with a discussion on open theoretical and practical challenges in the field.

Detecting contextual collective anomalies at a Glance

23rd International Conference on Pattern Recognition (ICPR), 2016

Many phenomena in our world can be modeled as networks, from neurons in the human brain, computer networks and bank transactions to social interactions. Anomaly detection is an important data mining task consisting in detecting rare objects that deviate from the majority of the data. Contextual collective anomaly detection techniques can be applied to intrusion detection in computer networks, bank fraud detection, or finding people with strange behavior in social networks. In this work, a fast and intuitive algorithm to detect collective contextual anomalies is presented. Furthermore, the importance of selecting algorithms which find meaningful outliers for the application domain specialists is analyzed.

Anomaly detection in large evolving graphs

2017

Anomaly detection plays a vital role in various application domains including network intrusion detection, environmental monitoring and road traffic analysis. However, a major challenge in anomaly detection is how to mine datasets where objects possess causal/non-causal relationships such as friendship, citation and communication relationships. This type of relational data can be represented as a graph, and raises the challenges of how to extend anomaly detection to the domain of relational datasets such as graphs. Anomalies often provide valuable insights into the correlation between an abnormal pattern and a real world phenomenon. Therefore, there has been growing attention towards anomaly detection schemes in dynamic networks. Although these evolving networks impose a curse of dimensionality on the learning models, they usually contain structural properties that anomaly detection schemes can exploit. The major challenge is finding a feature extraction technique that preserves grap...

"A Systematic Study on Aspects and Methods to Detect Anomalies in Online Social Networks"

Journal of Huazhong University of Science and Technology, 2021

In the last decade, the usage of social networks has seen a steady but sharp upswing, due to increased availability and affordability of the internet brought by technological advancements. So, naïve and/or innocent social network users became primary targets of malignant users for their illegal activities. Various malicious activities such as theft of identity, propagation of false information, etc. can be prevented by using anomaly detection techniques. This article reviews multiple anomaly detection approaches currently being used in the domain of social networking and presents a detailed comparison of their various aspects. We have categorized the existing approaches on the basis of the network structure, the type of anomalies to be encountered, and the method of anomaly detection. We portrayed anomalies as either attributed or unattributed and as static or dynamic, by studying some predefined approaches to detect these types of anomalies. We found that there are two sub-processes in online social network anomaly detection: one is network features identification and calculation, and the other is observation analysis of these network features.

A Graph based Anomaly Node Detection in Socio-metric Networks

The challenge of detecting anomaly node behavior is the most vital issue that complicates the social network graphs due to unstructured connectivity parameters in overlapped peer-peer online user communities. The socio-metric connectivity parameters are typically considered to determine the measurement error, which is the divergence between the actual value of a node behavior and the observed value of that behavior in a social network graph. But it is practically difficult to identify the measurements of a particular concept as a summation of actual value plus error. In this paper, graph based anomaly nodes are detected using the measurement scenarios namely False Positive nodes/edges, False Negative nodes/edges and False Aggregation/Disaggregation. The quantification of network measures such as Degree centrality, clustering coefficient, Network constraint and Eigenvector centrality exhibits the effectiveness of anomaly node behavior detection accuracy. The anomaly nodes are detected and erroneous nodes are removed.

Detecting Anomalous Behaviors Using Structural Properties of Social Networks

In this paper we discuss the analysis of mobile networks communication patterns in the presence of some anomalous "real world event". We argue that given limited analysis resources (namely, limited number of network edges we can analyze), it is best to select edges that are located around 'hubs' in the network. We demonstrate this method using a dataset containing the call log data from a major mobile carrier in a European nation.